I'm a Linux and Ansible specialist with a DevOps mindset.
Would you like to know more?

Projects

To read more about my technical background, read my about page. To see a detailed list of past and present assignments, check out my Curriculum Vitae.

Nginx Ansible DevOps Vagrant Kubernetes Prometheus PHP-FPM Python

Refactory is an early adopter of the latest and greatest DevOps technologies. Because of this, they are able to quickly and efficiently help many customers overcome seemingly difficult and complex problems.

I helped Refactory to update their Ansible playbooks and roles to new and higher standards, therefor increasing scalability and maintainability. The playbooks will now be automatically checked whether they conform to the Coding Style guidelines aswell as valid syntax. A number of custom rules were developed in Python.

I also extended the playbooks to be able to run PHP applications with dedicated user accounts and roll out new websites automatically. Additionally, servers can now be updated automatically and will export statistics to Prometheus.

Refactory

Refactory is a Digital Agency that helps you deliver ambitious web solutions.

Xolphin

Xolphin helps you secure your online communication. With our experienced team, consisting of over 20 people, we provide a wide range of products, ranging from SSL certificates to digital signatures.

Nginx Ansible DevOps Vagrant

Xolphin uses a number of different websites to sell their SSL products. They wanted to switch from using Apache to Nginx, and in the process, implement a method to better maintain and more easily roll out additional websites. I have converted their existing Apache configuration to nginx virtualhosts, which are deployed using Ansible. A simple YAML configuration file is now used to describe the virtualhost and, if applicable, any settings that deviate from the defaults.

Obviously the entire setup can first be tested locally using Vagrant.

The ansible playbooks will:

  • ensure the unix users and groups exist
  • generate new Diffie-Hellman parameters (if needed)
  • create documentroots with proper permissions and ownerships
  • ensure the nginx virtualhost configurations
  • configure PHP-FPM pools per user
Sensu Ansible DevOps Vagrant Alerting

Tuxis asked me to develop Ansible playbooks that would roll out and configure Sensu across their various platforms. I developed this locally using Vagrant, I started with a basic server and client and basic checks. From there I expanded the monitoring with more complicated checks and notification methods.

Using the ansible playbooks, you can easily subscribe to sensu checks or add your own.

Tuxis Internet Engineering

Tuxis facilitates companies when delivering ICT services, applications, cloud services and hosting from the data center.

IJsvogel Retail

IJsvogel Retail is the company behind retail organisations Pets Place and Boerenbond.

DevOps Architect Online PetsPlace Boerenbond Python Buckaroo Paazl 50X AWS Varnish Nginx Docker Redis

As DevOps Architect Online, I supported a number of teams in the IJsvogel Retail organisation, the corporation behind Pets Place and Boerenbond.

I was responsible for the day-to-day operations revolving around the ecommerce platform built on Magento 2 - running on Amazon Web Services behind Varnish caching servers.

This included troubleshooting issues and reporting these to the correct suppliers, such as Payment Service Providers (Buckaroo), Magento 2 developers (50x Solutions), iOS/Android developers (Egeniq) or the Delivery Management Software provider Paazl. Together with the Online Business team I was responsible for Scrum sprint planning and project prioritization.

I also helped introduce a Customers Loyalty program (VIP Club) consisting of iOS and Android mobile apps built by Egeniq, the ecommerce website and a CRM platform built by The Valley.

Puppet VMware Python Atlassian JIRA Bitbucket Confluence Bamboo Nexus

As a DevOps engineer, I’ve been tasked to setup a new fully automated platform. Customers will be able to request a dedicated, Atlassian-stack based DTAP environment in a private cloud. Other tools like Jenkins and Rundeck may be added to the stack. I developed a Python tool that reads configuration from Puppet Hiera and consequently creates the necessary virtual machines in a VMware vCloud environment. It will also configure a private LAN for the customer as well as networking (SNAT) and firewalling rules. The public internet facing proxy servers, running nginx, will receive a signal to update their configuration. Aside from creating the DTAP environment, documentation and instructions for maintenance and provisioning new customers must be created. A follow-up project consists of migrating current customers to a new, private cloud.

Other software used:

  • Vagrant
  • PostgreSQL
  • OpenDJ (LDAP server)

Avisi BV

Custom software development, powered by passion. Delivering software projects to customers from startups & SMB's to Fortune 500 companies.

Exonet

A reliable, full service Managed Hosting provider.

DevOps Ansible ElasticSearch Mongo RabbitMQ HAProxy Varnish Nginx NodeJS Docker Graylog Kibana Logstash Memcached PostgreSQL Python Redis Ruby

I helped deploy Ansible Tower. At the time of writing Tower was being used to apply configurations to more than 150 servers every day. These configurations consist of self-written ‘roles’ aswell as the playbooks themselves. I deployed many different server setups, all using ansible playbooks, such as:

  • Magento setup:
    • This setup hosts Magento-based CMS sites.
    • Nginx is optimized with Magento-specific settings.
    • It uses NFS shared storage on a NetApp cluster.
    • Backups are made amongst others with Bacula.
    • PHP is running in php-fpm mode.
    • There is a Redis instance per website for caching.
  • Trytond setup:
    • This setup uses nginx with gunicorn as backends.
    • PostgreSQL is used as a databasebackend and Sphinx / searchd for the search functionalities.
    • Python Trytond is installed into a virtualenv.
    • Redis is used as a caching backend.
    • Every service is controlled with systemd templates.
  • Plone CMS setup:
    • This setup is load-balanced using HAProxy on a number of Zope workers and Zope database hosts.
    • Each worker runs Varnish with a number of backends for each site. These are all periodically probed and removed from the pool if they are no longer responding.
    • The customer requested ansible playbooks on one of the worker to easily deploy and update sites.
  • Docker setup:
    • This customer uses docker extensively for deploying and automatically scaling websites.
    • Containers are limited to customer-specific networks.
    • Docker networks and nginx are managed with Ansible.
  • ElasticSearch / MongoDB / PostgreSQL / RabbitMQ / Redis cluster:
    • This setup contains a number of database servers and worker servers.
    • All services are running in either cluster mode or master/slave mode.
    • Workers run apps, written in go, that are exposed to the internet via nginx.

Besides engineering new setups and clusters, customers often requested a way of testing their software on their servers, without using the “live” servers. I used Packer to create Vagrant boxes that are identical to their production servers.

I also wrote a number of tools in Python:

Other duties include customer contact via phone and e-mail (3rd line support), configuring Cisco / NetApp infrastructure, implement firewalling and VPN using Juniper and pfSense appliances and implementing two-factor authentication for SSH.

Puppet VMware PHP Ubuntu Python C# Apache MySQL

My job at TIW was two-fold: I was a Linux Engineer but also Manager of the department. As Linux engineer, my job mainly consisted of the following:

  • Managing 200+ web, mail, dns and database servers for the Shared Hosting platforms.
  • Implementing Puppet, DNSSEC, IPv6.
  • I created an Asterisk VoIP telephony system.
  • Migrated many servers from DirectAdmin, Ensim, cPanel etc to our own Control Panel.
  • Managing the network (BGP peerings and transits, IPv6 and uplinks).
  • Connecting our network to the AMS-IX and NL-IX.
  • Automatically creating VMWare virtual machines by implementing the C# API.
  • Engineering and developing the new Shared Hosting platform.
  • Developing systems administration scripts and services in Python, C# and Perl.
  • Developing and maintaining the Hosting and Domain names Control Panel for customers.
  • Third line support.

As Manager Engineering, I was responsible for the following:

  • Implement project management using Kanban/Scrum.
  • Lead the Engineering team (“Scrum” master).
  • Have periodic performance meetings with team members.
  • Ensure the company policies were applied and kept to.
  • Ensure the departmental planning were in line with corporate strategies.
  • Create and monitor budgets.
  • Measure and report on results of the department.
  • Describe, implement and ensure departemental processes.

Totaalnet Internet Works

A webhosting company in the Netherlands, hosting over 120.000 domain names and websites.

Blog posts

2016 Jun 02 - Protecting your servers against ImageTragick (CVE-2016-3714) and CVE-2016-5118 using Ansible

2016 May 19 - Applying two-factor authentication to SSH logins with Duo Security

2016 May 12 - Running ownCloud on DirectAdmin server with Nginx and PHP-FPM